Fix github workflows #12

	# This workflow uses actions that are not certified by GitHub.
	# They are provided by a third-party and are governed by
	# separate terms of service, privacy policy, and support
	# documentation.

	# This workflow integrates Brakeman with GitHub's Code Scanning feature
	# Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications

	name: Brakeman Scan

	on:
	push:
	branches: ['master']
	pull_request:
	# The branches below must be a subset of the branches above
	branches: ['master']
	# schedule:
	# - cron: '28 13 * * 4'

	permissions:
	contents: read

	jobs:
	brakeman-scan:
	permissions:
	contents: read # for actions/checkout to fetch code
	security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
	actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
	name: Brakeman Scan
	runs-on: ubuntu-latest
	steps:
	# Checkout the repository to the GitHub Actions runner
	- name: Checkout
	uses: actions/checkout@v3

	# Customize the ruby version depending on your needs
	- name: Install Ruby and gems
	uses: ruby/setup-ruby@v1
	with:
	ruby-version: '2.7'
	bundler-cache: true

	# Execute Brakeman CLI and generate a SARIF output with the security issues identified during the analysis
	- name: Scan
	continue-on-error: true
	run: \|
	bundle exec brakeman -f sarif -o output.sarif.json .

	# Upload the SARIF file generated in the previous step
	- name: Upload SARIF
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: output.sarif.json

Provide feedback